Date: Thu, 09 Jun 2011 13:03:47 +0400
From: Andrey Groshev <andrey.groshev@yartv.ru>
To: freebsd-jail@FreeBSD.org
Subject: Changes in /etc/rc.d/jail
Message-ID: <4DF08C73.6010308@yartv.ru>
Hello All!

The other day, looking in "/etc/rc.d/jail", I saw a change that I would not like to be ignored. After seeing the comments in CVS, I thought that people understand the addition of "&" as a way to add parallel loading of jails. It was not done for this! The fact is that last year I wrote kern/139422.

The essence is as follows: For example, a hacked jail. An attacker puts a never-ending start script in the jail (like while true ;....). The next time you restart the parent system, the subsystems that start after /etc/rc.d/jail will not start.

    # rcorder /etc/rc.d/*
    ......
    130 /etc/rc.d/jail
    131 /etc/rc.d/localpkg
    132 /etc/rc.d/securelevel
    133 /etc/rc.d/power_profile
    134 /etc/rc.d/othermta
    135 /etc/rc.d/nfscbd
    136 /etc/rc.d/natd
    137 /etc/rc.d/msgs
    138 /etc/rc.d/moused
    139 /etc/rc.d/mixer
    140 /etc/rc.d/inetd
    141 /etc/rc.d/hostapd
    142 /etc/rc.d/gptboot
    143 /etc/rc.d/geli2
    144 /etc/rc.d/ftpd
    145 /etc/rc.d/ftp-proxy
    146 /etc/rc.d/dhclient
    147 /etc/rc.d/bsnmpd
    148 /etc/rc.d/bridge
    149 /etc/rc.d/bluetooth
    150 /etc/rc.d/bgfsck
    151 /etc/rc.d/addswap

I.e. the parent system may not be workable. Therefore, IMHO, we should either go back to how it was originally done (as in version 1.44), or allow "parallel" booting by default, or come up with a plan "B".

Best regards,
Andrey Groshev aka GreenX.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4DF08C73.6010308>
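
The failure mode described in the message, as an added sketch that is not part of the original e-mail and not FreeBSD's /etc/rc.d/jail: a jail start command that never returns is run in the background under a deadline, so the steps that rcorder lists after jail (localpkg, securelevel) are still reached. The jail names, the 2-second deadline and the `true` / `sleep 30` stand-ins for start scripts are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration, not FreeBSD's /etc/rc.d/jail. The "start scripts" are
# constructed stand-ins: `true` returns at once, `sleep 30` plays the role of
# a start script that never finishes.

# Run a command in the background and wait at most $1 seconds for it.
# Returns the command's exit status, or 124 if it had to be killed.
start_with_deadline() {
    deadline=$1; shift
    "$@" &
    pid=$!
    waited=0
    while kill -0 "$pid" 2>/dev/null; do
        if [ "$waited" -ge "$deadline" ]; then
            kill -TERM "$pid" 2>/dev/null || :
            wait "$pid" 2>/dev/null || :
            return 124
        fi
        sleep 1
        waited=$((waited + 1))
    done
    wait "$pid"
}

# Hypothetical boot sequence: start two jails, then continue with the steps
# that come after jail in the rcorder listing. Prints one line per step.
boot_sequence() {
    for spec in "www:true" "hacked:sleep 30"; do
        name=${spec%%:*}; cmd=${spec#*:}
        # $cmd is left unquoted on purpose: it is a constructed command line
        if start_with_deadline 2 $cmd; then
            echo "jail $name: started"
        else
            echo "jail $name: start script exceeded deadline, killed"
        fi
    done
    for step in localpkg securelevel; do
        echo "rc step $step: reached"
    done
}

boot_sequence
```

Without the background start and the deadline, the loop would block on the second jail and the two later steps would never print.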